You are not logged in.

#1 2011-10-05 12:25:20

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Testing package signing with pacman 4 in git

I wanted to thank the Arch development team and all the contributors for the hard work currently undertaken for the final implementation of package signing, which should arrive in a short time now, I think, as pacman 4 is in rc2 stage.

I noticed that most of the packages are already signed in the repos now, which is great.

For those who want to already verify the packages gpg signature, I introduced the --verify option in the paccheck script in AUR.
The packagers' public keys are automatically imported in the local gpg keyring base, the first time they are required.

I could not find signatures for the sync databases, but I think that when they'll be added, the paccheck script will become deprecated altogether for all those afraid or worried about mirrors hacking.

Then Arch will become a very secured distribution.
I really look forward impatiently for the pacman 4 release.
Thanks again to all.

Last edited by berbae (2011-10-06 21:34:00)

Offline

#2 2011-10-05 12:49:22

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Testing package signing with pacman 4 in git

berbae wrote:

I really look forward impatiently for the pacman 4 release.

Actually using rc2, or building from git and providing testing-based feedback will alleviate your impatience and help us to provide a better release.

Offline

#3 2011-10-05 13:15:35

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Testing package signing with pacman 4 in git

falconindy wrote:
berbae wrote:

I really look forward impatiently for the pacman 4 release.

Actually using rc2, or building from git and providing testing-based feedback will alleviate your impatience and help us to provide a better release.

http://mailman.archlinux.org/pipermail/ … 21632.html

Offline

#4 2011-10-05 15:06:25

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Testing package signing with pacman 4 in git

falconindy wrote:

Actually using rc2, or building from git and providing testing-based feedback will alleviate your impatience and help us to provide a better release.

It's a good suggestion, so I think I will decide to switch from paccheck to pacman 4rc2 to contribute in a better way maybe...

So the paccheck script will surely stop to the 1.7 release.

Can you give me some infos concerning the signature of the sync databases?
Will they be signed also? I could not find a signature for them in the repos.

Thanks karol for the link to the mail where the pacman 4rc2 package can be found, and to Dan McGee who provided it.

Offline

#5 2011-10-05 15:47:47

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: Testing package signing with pacman 4 in git

Moving to Testing.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#6 2011-10-05 16:14:54

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Testing package signing with pacman 4 in git

I just made the switch to pacman 4rc2.
I ran, as root of course:

pacman -U /home/berbae/downloads/pacman-4.0.0rc2-1-x86_64.pkg.tar.gz

pacdiff (to merge the differences in /etc/pacman.conf and /etc/makepkg.conf)

pacman-key --init --keyserver hkp://keys.gnupg.net

It asked me to do something to higher entropy on the system.
I ran a program as user in another console prompt, and it was happy with that and finished the initialisation without error.

In /etc/pacman.conf I uncommented the line:
#SigLevel    = Optional TrustAll
to
SigLevel    = Optional TrustAll

Then my first 'pacman -Syu' in the new era of package signing on Arch Linux.

It asked me to import missing keys. Everything works without problem.

Here are the packages which were updated:

xterm 271-1 -> 275-1
sane 1.0.22-2 -> 1.0.22-3
poppler-data 0.4.4-1 -> 0.4.5-1
mpfr 3.0.1.p4-2 -> 3.1.0-2
linux 3.0.4-1 -> 3.0.6-1
libpulse 1.0-2 -> 1.0-3
fakeroot 1.18-1 -> 1.18.1-1
cmake 2.8.5-1 -> 2.8.6-1

Nice job from the developers team!

Last edited by berbae (2011-10-05 16:25:54)

Offline

#7 2011-10-06 21:31:58

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Testing package signing with pacman 4 in git

I test now the last git snapshot:
pacman-git 20111006-1

I made a PKGBUILD for it. The version which is the date the package is built is automatically generated during the build process.
I cannot choose it.

The last 'pacman -Syu' could not import the Florian Pritz' key 4CE1C13E the first time and aborted the update.
It worked the second time but it took some time to receive the key.

Maybe it's due to trafic on the key server.

I will post feedback if necessary from using the pacman development version.

Last edited by berbae (2011-10-06 21:53:44)

Offline

#8 2011-10-07 05:45:39

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: Testing package signing with pacman 4 in git

berbae wrote:

I made a PKGBUILD for it. The version which is the date the package is built is automatically generated during the build process.
I cannot choose it.

--holdver

Online

#9 2011-10-07 16:19:37

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Testing package signing with pacman 4 in git

Thanks Allan, the --holdver option works as expected.

So I use now:

pacman-git 4.0.0rc2-2
pacman-contrib-git 4.0.0rc2-2

which I built from the last git snapshot 2 days ago.

For those who want to see the PKGBUILD I used, it can be found at https://github.com/berbae/pacman-git
A pacman-git.tar.gz file, containing all the needed files to build, is also available there.

I know that it exists such a package in AUR allready, but I modified the PKGBUILD a little, so it's not exactly the same.

In particular, I do not make a second clone of the git tree; instead I use './autoclean.sh' before the 'git pull origin' to start afresh with './autogen.sh'.
I am not sure if this is necessary, but this is lighter than copying again all the git tree, it seems to me.

So I hope that some other guys will want to contribute to the final development of pacman 4.

Last edited by berbae (2011-10-07 16:32:02)

Offline

#10 2011-10-15 11:02:33

newgargamel
Member
From: PL, CZ
Registered: 2005-08-28
Posts: 156

Re: Testing package signing with pacman 4 in git

berbae wrote:

I just made the switch to pacman 4rc2.
I ran, as root of course:

pacman -U /home/berbae/downloads/pacman-4.0.0rc2-1-x86_64.pkg.tar.gz

pacdiff (to merge the differences in /etc/pacman.conf and /etc/makepkg.conf)

pacman-key --init --keyserver hkp://keys.gnupg.net

It asked me to do something to higher entropy on the system.
I ran a program as user in another console prompt, and it was happy with that and finished the initialisation without error.

In /etc/pacman.conf I uncommented the line:
#SigLevel    = Optional TrustAll
to
SigLevel    = Optional TrustAll

Then my first 'pacman -Syu' in the new era of package signing on Arch Linux.

It asked me to import missing keys. Everything works without problem.

Here are the packages which were updated:

xterm 271-1 -> 275-1
sane 1.0.22-2 -> 1.0.22-3
poppler-data 0.4.4-1 -> 0.4.5-1
mpfr 3.0.1.p4-2 -> 3.1.0-2
linux 3.0.4-1 -> 3.0.6-1
libpulse 1.0-2 -> 1.0-3
fakeroot 1.18-1 -> 1.18.1-1
cmake 2.8.5-1 -> 2.8.6-1

Nice job from the developers team!

for me this doesn't work and I'm getting errors:

błąd:  glibc: signature from "Allan McRae <me@allanmcrae.com>" is unknown trust
błąd:  gcc-libs: signature from "Allan McRae <me@allanmcrae.com>" is unknown trust
błąd:  pcre: signature from "Allan McRae <me@allanmcrae.com>" is unknown trust
błąd:  libffi: signature from "Eric Belanger <eric@archlinux.org>" is unknown trust
błąd:  glib2: signature from "Ionut Biru <ibiru@archlinux.org>" is unknown trust
błąd:  shared-mime-info: signature from "Jan de Groot <jgc@archlinux.org>" is unknown trust
błąd:  coreutils: signature from "Allan McRae <me@allanmcrae.com>" is unknown trust
błąd:  perl: signature from "Florian Pritz <bluewind@xinu.at>" is unknown trust
błąd:  openssl: signature from "Pierre Schmitz <pierre@archlinux.de>" is unknown trust
błąd:  libmysqlclient: signature from "Andrea Scarpino (Arch Linux) <andrea@archlinux.org>" is unknown trust
błąd:  mysql-clients: signature from "Andrea Scarpino (Arch Linux) <andrea@archlinux.org>" is unknown trust
błąd:  mysql: signature from "Andrea Scarpino (Arch Linux) <andrea@archlinux.org>" is unknown trust
błąd:  akonadi: signature from "Andrea Scarpino (Arch Linux) <andrea@archlinux.org>" is unknown trust
błąd:  gd: signature from "Pierre Schmitz <pierre@archlinux.de>" is unknown trust
błąd:  geoip: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust

what am I doing wrong?

Last edited by newgargamel (2011-10-15 11:23:46)

Offline

#11 2011-10-15 11:03:31

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Testing package signing with pacman 4 in git

When pasting code, please use [ code ] tags https://bbs.archlinux.org/help.php#bbcode

like this

You need to set

SigLevel     = Optional TrustAll

in pacman.conf

Why aren't you reading the ML if you want to use [testing]??

Last edited by karol (2011-10-15 11:04:43)

Offline

#12 2011-10-15 11:22:58

newgargamel
Member
From: PL, CZ
Registered: 2005-08-28
Posts: 156

Re: Testing package signing with pacman 4 in git

karol wrote:

When pasting code, please use [ code ] tags https://bbs.archlinux.org/help.php#bbcode

like this

sorry

karol wrote:

You need to set

SigLevel     = Optional TrustAll

in pacman.conf

Why aren't you reading the ML if you want to use [testing]??

thanks! I commented it out in the wrong place. And ML is not that fun to read... wink

Offline

#13 2011-10-15 13:45:57

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Testing package signing with pacman 4 in git

newgargamel wrote:
karol wrote:

You need to set

SigLevel     = Optional TrustAll

in pacman.conf

Why aren't you reading the ML if you want to use [testing]??

thanks! I commented it out in the wrong place. And ML is not that fun to read... wink

Then don't use [testing]. What does it being fun have anything to do with it?


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#14 2011-10-15 16:04:03

nathan28
Member
Registered: 2011-05-18
Posts: 61

Re: Testing package signing with pacman 4 in git

Noob question, but  I had never even noticed the "Mailing Lists" link on the front page. Which ones deal with information like this?

edit: Apologies for not searching, i found the answer was sitting in another browser tab i had open. double noob points today for me, i switched to decaf yesterday

Last edited by nathan28 (2011-10-15 16:13:23)


in the beginning was the switch operator

Offline

#15 2011-10-15 16:11:21

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Testing package signing with pacman 4 in git

nathan28 wrote:

Noob question, but  I had never even noticed the "Mailing Lists" link on the front page. Which ones deal with information like this?

arch-dev-public
Pleeeeease, search before posting: https://wiki.archlinux.org/index.php/Te … testing.5D

Offline

#16 2011-10-22 22:06:19

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Testing package signing with pacman 4 in git

When making today a new build of the last snapshot in git, I had to modify the ltmain.sh script.
Because the libtool package was updated (2.4-5 -> 2.4.2-1) yesterday, and the ltmain.sh script in the git tree was not updated to that new libtool release version.
The change was from

PROGRAM=libtool
PACKAGE=libtool
VERSION=2.4
TIMESTAMP=""
package_revision=1.3293

to

PROGRAM=libtool
PACKAGE=libtool
VERSION=2.4.2
TIMESTAMP=""
package_revision=1.3337

Without doing that I got that error:

libtool: Version mismatch error.  This is libtool 2.4, but the
libtool: definition of this LT_INIT comes from libtool 2.4.2.
libtool: You should recreate aclocal.m4 with macros from libtool 2.4
libtool: and run autoconf again.
make[3]: *** [add.lo] Erreur 63

I could finish successfully the build after I made the modification in ltmain.sh to the last libtool version.

Where can I report that bug in the git tree?
Have I to subscribe to pacman-dev mailing list, or is there another way to report a bug?

Offline

#17 2011-10-22 22:14:59

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Testing package signing with pacman 4 in git

@berbae
https://bbs.archlinux.org/viewtopic.php … 7#p1006517

You can report directly to the bug tracker.

Offline

#18 2011-10-22 22:25:41

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: Testing package signing with pacman 4 in git


Absolutely nothing to do with the issue....

Online

#19 2011-10-22 22:27:01

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: Testing package signing with pacman 4 in git

berbae wrote:

Where can I report that bug in the git tree?
Have I to subscribe to pacman-dev mailing list, or is there another way to report a bug?

Or use the bug tracker.  There is a pacman section.

But look at the archives for the pacman-dev list.  I provided the needed fix yesterday.

Online

Board footer

Powered by FluxBB